The next version of standard Java, due in mid-March, will enable Transport Layer Security (TLS) 1.2 by default, thus providing encrypted Internet communications. But the move is not a solution for Java's ongoing security woes.

TLS 1.2 will be enabled in Java Development Kit (JDK) 8, set to ship March 18. Version 1.2 strengthens the protection of Internet communications against eavesdropping and is backward-compatible with versions 1.1 and 1.0, the Java Platform Group said in a blog post this week. "TLS is designed to encrypt conversations between two parties and ensure that others can neither read nor modify the conversation. When combined with certificate authorities, a proper level of trust is established: we know who is on the other end of the conversation and that conversation is protected from eavesdropping/modification."

"Turning on TLS by default is like installing steel pipes between communication points instead of using a tube of chain-link fencing. It helps battle exposure of data to third parties, ensures the recipient doesn't get a substituted malware-ridden message and can in some cases enable the parties to confirm that they're talking to the right partner," said Eve Maler, security analyst at Forrester Research.

"But the main problems with Java have to do with the ubiquity of old versions of the Java platform; they keep a number of vulnerabilities alive," she added.